On Tue, 2022-02-08 at 09:41 +0100, Thomas Gleixner wrote: > On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote: > > > On 1/30/22 13:18, Rick Edgecombe wrote: > > > +config X86_SHADOW_STACK > > > + prompt "Intel Shadow Stack" > > > + def_bool n > > > + depends on AS_WRUSS > > > + depends on ARCH_HAS_SHADOW_STACK > > > + select ARCH_USES_HIGH_VMA_FLAGS > > > + help > > > + Shadow Stack protection is a hardware feature that detects > > > function > > > + return address corruption. This helps mitigate ROP > > > attacks. > > > + Applications must be enabled to use it, and old userspace > > > does not > > > + get protection "for free". > > > + Support for this feature is present on Tiger Lake family > > > of > > > + processors released in 2020 or later. Enabling this > > > feature > > > + increases kernel text size by 3.7 KB. > > > > I guess the "2020" comment is still OK. But, given that it's on > > AMD and > > a could of other Intel models, maybe we should just leave this at: > > > > CPUs supporting shadow stacks were first released in 2020. > > Yes. > > > If we say anything. We mostly want folks to just go read the > > documentation if they needs more details. > > Also the kernel text size increase blurb is pretty useless as that's > a > number which is wrong from day one. Makes sense. Thanks.
